Password Audit Service
Weak passwords are often the first foothold an attacker gains within a network environment. A single initial account provides the ability to identify key accounts and groups to target for escalating privileges. A White Knight Labs Password Audit provides the visibility necessary to identify these accounts as well as the information required to take corrective action.

White Knight Labs Password Audit provides analysis of Active Directory password hashes and all recovered passwords. Analysis is performed against the extracted hashes and the domain password policy. White Knight Labs then attempts to recover the passwords in cleartext from the Active Directory hashes. This is a very common technique attackers use during a domain compromise to gain additional access into the network.
Why Do You Need a Password Audit?
Passwords have become the main point of entry for hackers. Any password that is complex enough to be secure cannot be remembered easily, and with an ever-increasing number of passwords being needed, users often reuse them, which is a huge security risk.
If one member of the network team uses a weak password, it can diminish the security posture of the entire organization. Likewise, if one member of the team reuses a strong password elsewhere and it is compromised, then the entire network is exposed.
Between weak and reused passwords, networks are far less secure than they should be by design. The first step in rectifying this situation is to audit passwords on the network. A password audit simply uses the same kind of software attackers use to test the domain against dictionary attacks, brute-force attacks, and more.
A password audit can help analyze your domain password policies to see if they enable users to create secure passwords. White Knight Labs will generate reports that identify accounts with weak or common passwords, identical passwords, blank passwords and more. In addition to these insights, White Knight Labs will test all user account hashes against a complex recovery system of the kind real attackers use today. The recovery system will attempt to crack the password hash of each user within the Active Directory domain.
What will the White Knight Labs Password Audit Provide You?
The Password Audit service was designed to give CISOs and system administrators the required visibility to improve their defenses against password-based attacks. The deliverable at the end of the engagement is a thorough report detailing the risks with the current password policy.
The Password Audit service will give you an in-depth look at the following items:
- Weak passwords using common words such as Summer2021 and Winter2022
- Weak passwords recovered from sensitive Active Directory groups such as “Domain Admins” or “VPN Users”
- Analysis of password history for all users in Active Directory
- Password statistics based on length, re-use, and common words
- Analysis of Active Directory domain password policy
- Analysis of Password Rotation Policies for Information Technology groups and users
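The checks listed above can be illustrated offline once the hashes and any recovered passwords are in hand. The following Python script is an added example, not White Knight Labs' audit tool or report generator: it runs over a constructed sample export (placeholder hashes, a fabricated user list, and the three group names quoted on this page) and assumes a hypothetical minimum-length policy value of 12. It flags blank passwords by the well-known NT hash of the empty string, identifies password reuse from identical hashes without cracking anything, matches the season-plus-year pattern (Summer2021, Winter2022), and reports recovered passwords on members of sensitive groups.

```python
"""Offline analysis of an exported Active Directory credential set.

Added example, not White Knight Labs' audit tool. The input list below is
constructed, and the minimum-length policy value is a hypothetical default.
"""
import re
from collections import Counter, defaultdict

# NT hash of the empty string (MD4 of "" in UTF-16LE). A well-known constant:
# any account with this hash has a blank password, no cracking required.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Groups named on the page as high-value; a recovered password on a member
# is reportable regardless of its strength.
SENSITIVE_GROUPS = {"Domain Admins", "VPN Users", "Executives"}

# "Summer2021" / "Winter2022!" style: season, four-digit year, optional symbol.
SEASON_YEAR = re.compile(r"^(spring|summer|autumn|fall|winter)\d{4}[!@#$]?$", re.I)

# Constructed sample export. Hashes are placeholders (repeated digits) except
# the genuine empty-password constant on "carol"; "recovered" is None when the
# recovery system did not crack the hash.
SAMPLE_EXPORT = [
    {"user": "alice", "nt_hash": "1" * 32, "groups": ["Domain Admins"], "recovered": "Summer2021"},
    {"user": "bob",   "nt_hash": "1" * 32, "groups": [], "recovered": "Summer2021"},
    {"user": "carol", "nt_hash": EMPTY_NT_HASH, "groups": [], "recovered": ""},
    {"user": "dave",  "nt_hash": "2" * 32, "groups": ["VPN Users"], "recovered": "Winter2022!"},
    {"user": "erin",  "nt_hash": "3" * 32, "groups": ["Executives"], "recovered": None},
    {"user": "frank", "nt_hash": "4" * 32, "groups": [], "recovered": "correct-horse-battery"},
]


def audit(users, min_length=12):
    """Return the page's checks as a dict: reuse, blank, seasonal, short and
    sensitive-group findings, plus recovery rate and a length histogram.
    min_length is a hypothetical policy value supplied by the caller."""
    by_hash = defaultdict(list)
    for u in users:
        by_hash[u["nt_hash"].lower()].append(u["user"])
    recovered = [u for u in users if u["recovered"] is not None]

    return {
        # Identical NT hashes mean identical passwords: reuse across accounts.
        "reused": {h: names for h, names in by_hash.items() if len(names) > 1},
        "blank": [u["user"] for u in users if u["nt_hash"].lower() == EMPTY_NT_HASH],
        "season_pattern": [u["user"] for u in recovered if SEASON_YEAR.match(u["recovered"])],
        "below_policy": [u["user"] for u in recovered if len(u["recovered"]) < min_length],
        "sensitive_recovered": {
            u["user"]: sorted(set(u["groups"]) & SENSITIVE_GROUPS)
            for u in recovered
            if set(u["groups"]) & SENSITIVE_GROUPS
        },
        "recovery_rate": len(recovered) / len(users) if users else 0.0,
        "length_histogram": dict(Counter(len(u["recovered"]) for u in recovered)),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Reuse is detected purely from hash equality, so that finding is available even for accounts whose password was never recovered; the remaining checks only apply to entries the recovery system cracked, which is why the recovery rate is reported alongside them.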
The Password Audit service will include findings and recommendations geared towards improving the security of your Active Directory users and passwords. The deliverable will include an interactive report that helps identify common risks associated with weak passwords and Active Directory domains. An executive summary, sanitized of sensitive information, will also be provided for executives and board members.
How does the White Knight Labs audit work?
The password audit is performed by simply running our audit tool on a Domain Controller on your network. The audit tool will create an encrypted file to which only you hold the password. The audit tool uses the same methods an attacker would use to extract the Active Directory hashes from the network. The audit tool will also scan Active Directory for group-based information that is used to identify weak passwords and common issues in critical groups such as “Domain Admins”, “VPN Users” or “Executives”.
The encrypted zip file will then be transferred by you or our team to a secure SFTP location. All data is immediately deleted once our team has confirmed the file has been received. Once White Knight Labs has received the data, an offline password recovery system will ingest the data and attempt to recover cleartext passwords for all user hashes extracted from Active Directory. Depending on the number of users contained within the Active Directory domain, the password recovery system can take up to 2-3 days to complete.
Once the offline password recovery system has completed, a report is generated which is then uploaded to the White Knight Labs SFTP server. An email notification will be sent out notifying your team that a report is available for download. All data is wiped from all servers and systems 30 days from the final report completion date.
Get Your WKL Password Audit Today
To perform an Active Directory password audit, you will need the following items:
- Domain Admin Credentials
- Access to a Domain Controller to run the proprietary WKL Audit Tool
- Identify up to 10 Active Directory groups you would like analyzed (optional)
White Knight Labs has multiple options for retrieving the data from your Active Directory network. Our team is able to work with you and can customize our approach in any way necessary. If you have any questions about our service offering or about additional ways we can help you, please reach out.